CN106302346A - The safety certifying method of API Calls, device, system - Google Patents
The safety certifying method of API Calls, device, system Download PDFInfo
- Publication number
- CN106302346A CN106302346A CN201510280745.2A CN201510280745A CN106302346A CN 106302346 A CN106302346 A CN 106302346A CN 201510280745 A CN201510280745 A CN 201510280745A CN 106302346 A CN106302346 A CN 106302346A
- Authority
- CN
- China
- Prior art keywords
- token
- api request
- client
- identity
- appointment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Telephonic Communication Services (AREA)
Abstract
This application discloses the safety certifying method of API Calls, device and system, the method running on server end includes step, when, after the API request receiving client, if carrying token in API request, then verifying described token the most effective;If API request not carrying described token or described token being invalid token, then the authentication information in API request is submitted to customer center and carry out authentication;After described customer center authentication is passed through, calculate the new token of acquisition and be sent to described client;Described make effective board token according to the random number of encryption that obtained by non-reversible algorithm of the parameter made an appointment.The application can reduce the authentication efficiency promoted client, and reduce the burden server end performance loss of customer center under ensureing safety premise.
Description
Technical field
The application relates to the technology of security invocation API, particularly relate to API Calls safety certifying method,
Device, system.
Background technology
Internet works software product is mainly divided into two big classes from product audient at present, consumes including terminaloriented
The generic internet product of person, such as Sina's microblogging Web end, knows Web end etc..This series products
Feature be to use this series products to as if the mankind, the media content that major part provides is Un-structured
Text (such as novel, blog), picture, audio frequency and video etc..Another kind of product towards audient be calculate
Machine, i.e. service principal mode is for providing API (the Application Programming of DLL
Interface, application programming interfaces), facilitate programmer to utilize this API to carry out secondary development.This kind of product
The feature of product be service object be computer, it is provided that media content major part be structurized literary composition
This, such as XML, JSON etc..
For API type product, at present for the way that safety certification is common be use by user account and
The authentication informations such as password submit the mode of each certification to every time.For the product of terminal consumer's type, generally
It is that after user uses client browser to enter homepage of server, user authentication is passed through by server first
After, create a Session for this user, and issue Session ID, client browser to user
Record this Session ID by cookie or URL, submit to request content can carry this in next time
Session id information, server receives Session ID, if Session ID is at server
Just think in Session ID storage list that this user is for validated user.
Owing at present for the authentication mode of API type product, each certification is required to call customer center
It is authenticated, therefore most likely results in service end when the unexpected factors such as network call shake occur and call
There is intermittent unstable situation in customer center, eventually affects user and calls instability.And for terminal
, owing to depending on cookie to store Session ID, therefore there is forgery and attack in the product of consumer type
The security breaches hit, and when malicious user, by sniff procotol bag and to have cracked HTTP relevant
After the value of cookie or Session ID, just can hand over to server end by disguise as validated user
Mutually.
Summary of the invention
The application provides the safety certifying method of API Calls, device, system, is ensureing safety premise
Under, promote the authentication efficiency to client, and reduce the burden of customer center.
First aspect according to the embodiment of the present application, it is provided that the safety certifying method of a kind of API Calls, fortune
Row is in server end, and the method comprising the steps of:
When, after the API request receiving client, if described API request carries token, then verifying
Token in described API request is the most effective;If described API request does not carries token or described
Token in API request is invalid token, then the authentication information in described API request is submitted to user
Center carries out authentication;After described customer center authentication is passed through, send out calculating the token obtained
Give described client;According to the token that token in described API request and described calculating obtain in advance
The random number of the encryption that the parameter of agreement is obtained by non-reversible algorithm.
The identity of client, by providing token to client, is verified by the application with token.?
During computational token, obtain the random number of encryption as order according to the parameter made an appointment by non-reversible algorithm
Board, the random number so calculated is the random number with unique value, and server is receiving client every time
API request after, the most whether check token effective, to ensure the safety of token.Owing to being not required to
Frequently to access customer center the identity of client is verified, therefore ensure safety the most also
Reduce the server request number of times to customer center, decrease the burden of customer center, when reducing simultaneously
Prolong, accelerate login authentication, it also avoid the wink caused due to the uncertain factor such as fluctuation of integrated environment
Between service end request customer center malloc failure malloc, thus improve systematic function and stability.
Second aspect according to the embodiment of the present application, it is provided that the safety certifying method of a kind of API Calls, fortune
Row is in client, and the method comprising the steps of:
When receiving the token of server, described token is stored;Make an appointment according to described token
The random number of encryption that obtained by non-reversible algorithm of parameter;
When constructing API request, described token and authentication information are carried at described API request;
Described API request is sent to server.
Token, after receiving the token of server, is stored by the client of the application, and in API request
Carry token and return to server, so that server can be to the effectiveness of token entrained in API
Verify, in order to need not frequently access customer center and the identity of client is verified, it is achieved
Ensureing that safety the most also reduces the server request number of times to customer center, decreasing customer center
Burden.
The third aspect according to the embodiment of the present application, it is provided that the safety certification device of a kind of API Calls, position
In server end, including:
First communication module, for receiving the API request of client;
Processing module, in time carrying token in described API request, verifies in described API request
Token the most effective;The token not carried in described API request in token or described API request is
During invalid token, the authentication information in described API request is submitted to customer center and carries out authentication;
After described customer center authentication is passed through, it is sent to second communication module by calculating the token obtained;
The parameter made an appointment according to the token that token in described API request and described calculating obtain is not by
The random number of the encryption that reversible algorithm obtains;
Second communication module, for sending the described token calculating and obtaining to described client.
The identity of client, by providing token to client, is verified by the application with token.?
During computational token, obtain the random number of encryption as order according to the parameter made an appointment by non-reversible algorithm
Board, the random number so calculated is the random number with unique value, and server is receiving client every time
API request after, the most whether check token effective, to ensure the safety of token.Owing to being not required to
Frequently to access customer center the identity of client is verified, therefore ensure safety the most also
Reduce the server request number of times to customer center, decrease the burden of customer center, when reducing simultaneously
Prolong, accelerate login authentication, it also avoid the wink caused due to the uncertain factor such as fluctuation of integrated environment
Between service end request customer center malloc failure malloc, thus improve systematic function and stability.
Fourth aspect according to the embodiment of the present application, it is provided that the safety certification device of a kind of API Calls, fortune
Row in client, including:
Memory module, for when receiving the token of server, stores described token;Described token
According to the random number of encryption that obtained by non-reversible algorithm of the parameter made an appointment;
Message constructing module, for when constructing API request, carrying described token and authentication information
Described API request;
Communication module, for receiving the described token of server, and issues described memory module, and will
Described API request is sent to server.
Token, after receiving the token of server, is stored by the client of the application, and in API request
Carry token and return to server, so that server can be to the effectiveness of token entrained in API
Verify, in order to need not frequently access customer center and the identity of client is verified, it is achieved
Ensureing that safety the most also reduces the server request number of times to customer center, decreasing customer center
Burden.
The 5th aspect according to the embodiment of the present application, it is provided that the security certification system of a kind of API Calls, bag
Include server, customer center,
Described server, for when after the API request receiving client, if taken in described API request
With token, then verify the token in described API request the most effective;If in described API request not
Carrying the token in token or described API request is invalid token, then by the authentication in described API request
Information is submitted to customer center and is carried out authentication;After described customer center authentication is passed through, will meter
Calculate the token obtained and be sent to described client;Token in described API request and described calculating obtain
The random number of the encryption that the parameter made an appointment according to token is obtained by non-reversible algorithm;
Described customer center, for the described authentication information that sends according to described server to described client
Carry out authentication, and the result of authentication is notified described server.
The identity of client, by providing token to client, is verified by the application with token.?
During computational token, obtain the random number of encryption as order according to the parameter made an appointment by non-reversible algorithm
Board, the random number so calculated is the random number with unique value, and client is receiving the order of server
Bridge queen, stores token, and carries token in API request and return to server, and server is every time
After receiving the API request of client, check token is the most effective the most again, to ensure the safety of token
Property.Owing to need not frequently to access customer center, the identity of client is verified, therefore ensureing
Safety the most also reduces the server request number of times to customer center, decreases the burden of customer center,
Reduce time delay simultaneously, accelerate login authentication, it also avoid owing to the fluctuation etc. of integrated environment is uncertain
The instant service end request customer center malloc failure malloc that factor causes, thus improve systematic function and stablize
Property.
Accompanying drawing explanation
Fig. 1 is a kind of network environment figure in the embodiment of the present application;
Fig. 2 is the flow chart of the safety certifying method that API is called in server side in the embodiment of the present application;
Fig. 3 is the flow chart of the safety certifying method that client-side calls API in the embodiment of the present application;
Fig. 4 is the sequential chart of the safety certifying method calling API in one application example of the application;
Fig. 5 is the hardware structure figure of the safety certification device calling API in the embodiment of the present application;
Fig. 6 is the software logic block diagram of the safety certification device of API in one embodiment of the application;
Fig. 7 is the software logic block diagram of the safety certification device of API in one embodiment of the application;
Fig. 8 is the software logic block diagram of the security certification system of API in one embodiment of the application.
Detailed description of the invention
Here will illustrate exemplary embodiment in detail, its example represents in the accompanying drawings.Following
When description relates to accompanying drawing, unless otherwise indicated, the same numbers in different accompanying drawings represents same or analogous
Key element.Embodiment described in following exemplary embodiment does not represent the institute consistent with the application
There is embodiment.On the contrary, they only with as appended claims describes in detail, the one of the application
The example of the apparatus and method that a little aspects are consistent.
It is only merely for describing the purpose of specific embodiment at term used in this application, and is not intended to be limiting
The application." a kind of " of singulative used in the application and appended claims, " institute
State " and " being somebody's turn to do " be also intended to include most form, unless context clearly shows that other implications.Also should
Work as understanding, term "and/or" used herein refer to and comprise one or more be associated list item
Any or all possible combination of purpose.
Although should be appreciated that may use term first, second, third, etc. various to describe in the application
Information, but these information should not necessarily be limited by these terms.These terms only be used for by same type of information that
This distinguishes.Such as, in the case of without departing from the application scope, the first information can also be referred to as
Two information, similarly, the second information can also be referred to as the first information.Depend on linguistic context, as in this institute
Use word " if " can be construed to " and ... time " or " when ... time " or " response
In determining ".
The safety certifying method of API Calls provided herein is applicable to the mutual mistake of client and server
Journey is the API system that stateless is mutual, and a typical applied environment is REST
The API system of (Representational State Transfer, representational state transfer) style
System, is called for short REST-API system.REST is typically based on use HTTP etc. and assists current pandemic connection
View, it is stateless (the most not recording the information of each connection) that HTTP connects, but at REST
Transmission comprises all status informations of application.
Fig. 1 is a kind of network environment more typically that the application is suitable for.As it can be seen, network 100 leads to
Often may be configured to any type of wired or wireless communication channel being coupled together by network node.
This includes but not limited to, LAN, wide area network, the combination of network or support two or more calculating system
Between other networks of communication.In a kind of embodiment of the application, network 100 includes Yin Te
Net.
Equipment included in network 100 includes the client 101 of request call API, as API's
The server 102 of provider, customer center 103, customer center 103 possesses according to authentication information client
End carries out the ability of authentication, and preserves the various identification informations corresponding to client 101, such as
User account, password, Customs Assigned Number etc..
Fig. 2 provides the flow chart of embodiments herein, illustrated therein is server 102 and is calling
Security authentication process during API.
S201, receives the API request of client;
S202, if carrying token in API request, then whether the token in verification API request has
Effect;If the token not carried in API request in token or API request is invalid token, then by API
Authentication information in request is submitted to customer center and is carried out authentication;Pass through in customer center authentication
After, calculate and obtain new token, be sent to client by calculating the token obtained;API request carries
Token and calculate the token that obtained all according to the parameter made an appointment obtained by non-reversible algorithm
The random number of encryption.
In this application, when client 101 first logs into server 102, due to now server
102 not yet provide token to client 101, accordingly, it would be desirable to use client 101 authentication information to
Customer center 103 carries out authentication;After customer center 103 is verified, server 102 can pass through
Calculate and generate token and be issued to client 101, afterwards, when client 101 is mutual with server 102
Carrying this token, this token is verified by server 102 every time, confirms coming of client 101
Source, if the token valid in API request, then again by the authentication information of client to customer center
103 carry out authentication, and certification can provide token to client after passing through again.
The identity of client, by providing token to client 101, is tested by the application with token
Card, if token is effective, then it is assumed that the identity of this client is legal.When computational token, according in advance
The parameter of agreement is by the random number of non-reversible algorithm acquisition encryption as token, and that so calculates is random
Number is the random number with unique value, and server is after the API request every time receiving client, the most again
Check token is the most effective, to ensure the safety of token.Owing to need not frequently access customer center
The identity of client is verified, is therefore ensureing that safety the most also reduces server 102 to user
The request number of times at center 103, improves systematic function and stability.
In one embodiment, server 102 verifies the token in API request effective approach can
To be that the index information according to token obtains the parameter made an appointment, pass through not according to the parameter made an appointment
Reversible algorithm calculates current token, it is judged that current token and the token in the API request received whether phase
With, if identical, then judge that the token carried in this API request is effective, if carried in API request
Token effective, then it is assumed that this client identity is verified, and carries out follow-up interaction, such as,
The related data of api interface client asked is sent to client;If it is not the same, then judge
The token valid carried in API request.
When the token that server 102 obtains after calculating is sent to client 101, can be by token
Index information issues client, in order to client carries the index information of this token together with calculating the order obtained
Board returns to server 102 together, as an embodiment, can index information and calculating be obtained
Token carries and is sent to client in same message, it is also possible to order index information and calculating obtained
Board is sent to client as two different message.Index information is used for finding calculating and this client
The most predetermined parameter that token is relevant, can regard the unique mark distinguishing different token as.Such as,
Can be when computational token, generate the character string of a uniqueness;Or can be customer center 103
To client 101 certification by an identity of rear return (such as, client IP address,
MAC Address, client identification, Customs Assigned Number, user account etc.).
In order to calculate, there is unique value, and reproducible random number is as token, need to appoint in advance
Reserve relevant parameter and algorithm, when providing token and during check token effectiveness, use identical ginseng
Number and algorithm carry out computational token.
As an example, the parameter reserved the most in advance can include the ginseng relevant with client uniqueness
Number, for example, it may be at least one identity, identity can include client IP address,
MAC Address, client identification, Customs Assigned Number, user account etc..
In order to be better protected from malicious user by attempting the conjecture occurrence to the parameter made an appointment
To obtain token, the parameter made an appointment also includes encrypting key, can be using a random number as encryption
Key also preserves on the server.
As an example, can be by hash algorithm as non-reversible algorithm, the such as example of formula 1
Described situation:
Token=Hash (MAC, UID, KEY) (formula 1)
In formula 1, Token is calculative token, and the parameter made an appointment in equation 1 is client
The MAC Address of end, subscriber-coded UID, encryption key KEY.
In one example, token can be attached in http header transmission, in order to preferably prevent order
The risk that board is stolen, the parameter made an appointment can also include effect duration certificate parameter, is generating token
Time validity verification parameter also served as the input parameter of non-reversible algorithm, the such as reality described by formula 2
Example:
Token=Hash (MAC, UID, SEED, KEY) (formula 2)
In formula 2, Token is calculative token, and the parameter made an appointment in formula 2 is client
The MAC Address of end, subscriber-coded UID, encryption key KEY, validity verification parameter SEED.SEED
It is one and calls the value that life cycle is relevant with Token, if using the time as SEED, then Ke Yixuan
Select this Token the most afterwards to lose efficacy, if using call number as SEED, then can select
After fixed number of times, this Token lost efficacy, it is readily appreciated that, the implementation of validity verification parameter not office
It is limited to cited several ways.
After calculating acquisition token, when client sends this token, can be by validity verification parameter one
And send to client;Client is carried this effect duration in the protocol header of HTTP when returning API request and is tested
Card parameter, after server end obtains validity verification parameter, by the most expired for token current for checking, example
As SEED timestamp is more than the out-of-service time with current time interval, or SEED call number is more than
Fixed number of times, then token can be regarded as and lost efficacy.If the token in verification API request has lost
Effect, then again to customer center authentication, and again issue new token for client;If non-mistake
Phase, then calculate current token according to the parameter made an appointment, it is judged that current token and the order in API request
Board is the most identical, if identical, then the token in API request is effective, if it is not the same, then API please
Token valid in asking.
Fig. 3 provides the flow chart of embodiments herein, illustrated therein is client 101 and is calling
Security authentication process during API.
S301, when receiving the token of server, stores token;
In one embodiment, client is when sending, to server, the request calling API first, permissible
Authentication information is sent to server, and authentication information is used to carry out authenticating required letter to customer center
Breath, for different designs, the content of authentication information can be different, more typically can be user
The information such as account, password.Server asks this visitor of certification according to the authentication information of client to customer center
The identity of family end, if certification is not passed through, then server will notify client identity authentification failure, if
Client certificate is passed through by customer center, then server returns generating token according to the parameter made an appointment
To client.As an example, after client receives the token that server returns, can be by token
It is stored in the current process space.Furthermore it is also possible to the index information corresponding to token is deposited
Storage.The index information of token both can be a random number with uniqueness, it is also possible to be identity mark
Know, the IP address of such as client, MAC Address, client identification, Customs Assigned Number, user account etc.
Information.Index information corresponding to token can be to be sended over by server, it is also possible to is and service
The information that device is made an appointment, such as, if using user account as index information, then can be user
During login, user account is preserved.
In another embodiment, if the token that client issues server is invalid token, then service
Device again according to client authentication information to customer center request this client of certification identity, if recognized
Card does not passes through, then server will notify client identity authentification failure, if client is recognized by customer center
Card passes through, then server returns to client by generating new token according to the parameter made an appointment again,
Client updates the token preserved with new token.
S302, when constructing API request, carries token and authentication information in API request;
From S301 it can be seen that according to different embodiments API request, the information that may carry is permissible
Including token, index information, user account, password etc..
S303, is sent to server by API request.
Owing to token is the irreversible random number through encryption, cannot get in token after being therefore trapped
Occurrence, in order to ensure that the sensitive informations such as index information, user account, password are not maliciously intercepted and captured,
Secure communication channel can be used to be transmitted.It is, for example possible to use URL calls API, and please
Ask and can pass through HTTPS session, send as HTTP " GET (obtaining) " message.
In one example, client and server need to arrange in advance the parameter of computational token, for clothes
The parameter that business device cannot obtain, is sent to server by client in API request after can being collected,
Such as, the identity of some such as MAC Address, API request can be passed through after client is collected
It is sent to server.
Fig. 4 shows the safety certification side of the API Calls of the embodiment of the present application under concrete application scenarios
Method.
Assume that user is desirable for the weather forecast service that the client of certain " weather forecast " provides, user
In order to use this service, need by " weather forecast " client to " weather forecast " server identity
Certification, after " weather forecast " server authentication user identity is legal, just can allow by opening API interface
The client of " weather forecast " reads the related data oneself of weather forecast and is stored in " weather forecast " clothes
Photo on business device.Therefore, after " weather forecast " client needs to obtain user's mandate, " weather is pre-
Report " server just can agree to that " weather forecast " client reads these photos.In this application example,
Client 101 is " weather forecast " client, and server 102 is " weather forecast " server.?
In this application example, the parameter made an appointment required for computational token includes the IP address of client, use
Family numbering UID, encryption key KEY, validity verification parameter SEED.
S401, after user opens " weather forecast " client, input user account and password, and want
" weather forecast " client is asked to obtain data of weather forecast to " weather forecast " server;
S402, user account and the password of user are carried at API request by " weather forecast " client
In, it is sent to " weather forecast " server by HTTPS escape way;Now token and UID are
Empty;
S403, owing to token value is empty, therefore " weather forecast " server is lost by token authentication identity
Lose, then to the identity of customer center request this user of certification;
S404, after customer center certification, return authentication result.If the certification of customer center fails to lead to
Cross, will directly report an error, and return error message.If certification is passed through and by subscriber-coded the one of this user
Rise and return to " weather forecast " server;
S405, " weather forecast " server is according in the IP address carried in API request and user
The UID that the heart returns, calculates token according to below equation;
Token=Hash (IP, UID, KEY, SEED)
S406, Token and UID, SEED are sent to that " weather is pre-by " weather forecast " server in the lump
Report " client, and to " weather forecast " client opening API interface;
S407, " weather forecast " client is at the follow-up access process to " weather forecast " server
In, each API request can carry Token and UID, SEED and authentication information and be sent to that " weather is pre-
Report " server;SEED carries in the message header of HTTP;
S408, " weather forecast " server judges that SEED is the most out of date, if expired, then according to root
Access customer center according to authentication information to be authenticated;If not having expired, then perform S409;
S409, reads KEY, IP address stored, together with UID, SEED as input according to UID
Parameter calculates the value of Token again, if the Token value phase sent with " weather forecast " client
With, then allow the data of weather forecast (S410) that " weather forecast " client-access is relevant;If not
Pass through, then access customer center again according to authentication information and be authenticated, perform verification process according to S411
(not shown);
S411, after customer center certification, return authentication result.If the certification of customer center fails to lead to
Cross, will directly report an error, and return error message.If certification is passed through and by subscriber-coded the one of this user
Rise and return to weather forecast servers;Weather forecast servers calculates Token value again, and will newly obtain
Token value be sent to " weather forecast " client.
Corresponding with the embodiment of the method for the safety certification of aforementioned API Calls, present invention also provides
The embodiment of the device of the safety certification of API Calls.
The embodiment of the device of the safety certification of the application API Calls can be applied in server or client
On.Device embodiment can be realized by software, it is also possible to by the way of hardware or software and hardware combining
Realize.As a example by implemented in software, as the device on a logical meaning, it is by its place server
Or computer program instructions corresponding in nonvolatile memory is read in internal memory by the processor of client
Run formation.For hardware view, as it is shown in figure 5, be the safety certification of the application API Calls
Device place client or a kind of hardware structure diagram of server, except the processor shown in Fig. 5, interior
Deposit, outside network interface and nonvolatile memory, the client at device place or clothes in embodiment
Business device is generally according to the actual functional capability of this equipment, it is also possible to includes other hardware, repeats no more this.
Refer to Fig. 6, the software logic block diagram of the safety certification device 600 of API Calls as it can be seen,
It is positioned at server end, including:
First communication module 601, for receiving the API request of client;
Processing module 602, in time carrying token in described API request, verifying described API please
Token in asking is the most effective;The order in token or described API request is not carried in described API request
When board is invalid token, the authentication information in described API request is submitted to customer center and carries out identity and test
Card;After described customer center authentication is passed through, calculate and obtain token, and the transmission obtained will be calculated
To second communication module 603;According to the token that token in described API request and calculating obtain in advance
The random number of the encryption that the parameter of agreement is obtained by non-reversible algorithm;
Second communication module 603, calculates, for sending to client, the token obtained.
In one embodiment, to verify described token whether effective process permissible for described processing module 602
It is:
The parameter made an appointment described in index information acquisition according to described token, makes an appointment according to described
Parameter calculate current token by non-reversible algorithm, it is judged that the order in current token and described API request
Board is the most identical, if identical, then the token in API request is effective, if it is not the same, then API please
Token valid in asking.
In one embodiment, the index information of described token is identity, and described identity includes
Appointing in the IP address of described client, MAC Address, client identification, Customs Assigned Number, user account
A kind of information of meaning;Described communication module 602 is additionally operable to, after described customer center authentication is passed through, connect
Receive the identity that described customer center returns;And when described token is sent to described client, will
Described client is issued in described identity;
Described processing module 602 is additionally operable to when the token verified in API request is the most effective, from described
API request obtains described identity, searches corresponding with described identity according to described identity
The parameter made an appointment.
In one embodiment, the parameter made an appointment includes at least one identity, described identity mark
Know and include the IP address of described client, MAC Address, client identification, Customs Assigned Number, user account
In any one information.
It addition, the parameter made an appointment can also include encrypting key, described encryption key is random number.
Furthermore, the parameter made an appointment can also include effect duration certificate parameter, described communication module 602
It is additionally operable to, when described client sends described token, send described validity verification parameter to client
End;
Described processing module 602 verify described token whether effective process it may also is that
Judge that described token is the most expired according to described validity verification parameter, if out of date, then described
Token in API request lost efficacy;If not out of date, then the parameter made an appointment described in basis calculates current
Token, it is judged that current token is the most identical with the token in described API request, if identical, then described
Token in API request is effective, if it is not the same, the token valid in the most described API request.
Fig. 7 is that the software logic block diagram of the safety certification device 700 of API Calls is as it can be seen, this device
Run on client, including:
Memory module 701, for when receiving the token of server, stores described token;Described
The encryption that the parameter made an appointment according to token and described new token is obtained by non-reversible algorithm with
Machine number;
Message constructing module 702, for when constructing API request, taking described token and authentication information
Band is at described API request;
Communication module 703, for receiving the described token of server, and issues described memory module, with
And described API request is sent to server.
Wherein said communication module 703 is additionally operable to receive the index information of the token that described server sends,
And issue described memory module 701 and store;
Message constructing module 702 is additionally operable to, when constructing described API request, be carried by described index information
In described API request.
In one embodiment, the index information of described token is identity, and described identity includes
Appointing in the IP address of described client, MAC Address, client identification, Customs Assigned Number, user account
A kind of information of meaning.
In one embodiment, the parameter made an appointment includes at least one identity, described identity mark
Know and include the IP address of described client, MAC Address, client identification, Customs Assigned Number, user account
In any one information;Described message constructing module 702 is additionally operable to collect described identity, and
During structure API request, described identity is carried in described API request.
Refer to Fig. 8, for the logic diagram of the security certification system 800 of the application API Calls, including
Server 102, customer center 103.
Server 102, for when after the API request receiving client, if taken in described API request
With token, then verify the token in described API request the most effective;If in described API request not
Carrying the token in token or described API request is invalid token, then by the authentication in described API request
Information is submitted to customer center 103 and is carried out authentication;Pass through in the authentication of described customer center 103
After, it is sent to described client by calculating the token obtained;The order that in API request, token and calculating obtain
The random number of the encryption that the parameter made an appointment according to board is obtained by non-reversible algorithm;
Described customer center 103, is used for the described authentication information according to the transmission of described server 102 to institute
State client and carry out authentication, and the result of authentication is notified described server 102.
In one embodiment, described server 102 verifies described token and the most effectively includes:
The parameter made an appointment described in index information acquisition according to described token, makes an appointment according to described
Parameter calculate current token by non-reversible algorithm, it is judged that the order in current token and described API request
Board is the most identical, if identical, the token in the most described API request is effective, if it is not the same, then institute
State the token valid in API request.
In one embodiment, the index information of described token is identity, and described identity includes
Appointing in the IP address of described client, MAC Address, client identification, Customs Assigned Number, user account
A kind of information of meaning;
Described customer center 103 is additionally operable to after the authentication by described client, by described client
The identity of end returns to described server 102;
When described server 102 is additionally operable to that the described token calculating acquisition is sent to described client, will
Described client is issued in described identity;When the token verified in described API request is the most effective,
From described API request, obtain described identity, search and described identity mark according to described identity
Know the corresponding parameter made an appointment.
In one embodiment, the parameter made an appointment includes at least one identity, described identity mark
Know and include the IP address of described client, MAC Address, client identification, Customs Assigned Number, user account
In any one information.
It addition, in another embodiment, the parameter made an appointment also includes encrypting key, described encryption
Key is random number.And validity verification parameter, described server 102 is additionally operable to:
When described client sends the described token calculating and obtaining, described validity verification parameter is sent
To client;
The token that described server 102 verifies in described API request the most effectively includes:
Judge that the token in described API request is the most expired according to described validity verification parameter, if
Expired, the most described token lost efficacy;If not out of date, then the parameter made an appointment described in basis calculates current
Token, it is judged that current token is the most identical with the token in described API request, if identical, then described
Token is effective, if it is not the same, the token valid in the most described API request.
In said apparatus, the function of unit and the process that realizes of effect specifically refer in said method corresponding
Step realize process, do not repeat them here.
For device embodiment, owing to it corresponds essentially to embodiment of the method, so relevant part ginseng
See that the part of embodiment of the method illustrates.Device embodiment described above is only schematically,
The wherein said unit illustrated as separating component can be or may not be physically separate, makees
The parts shown for unit can be or may not be physical location, i.e. may be located at a place,
Or can also be distributed on multiple NE.Can select according to the actual needs part therein or
The whole module of person realizes the purpose of the application scheme.Those of ordinary skill in the art are not paying creativeness
In the case of work, i.e. it is appreciated that and implements.
The foregoing is only the preferred embodiment of the application, not in order to limit the application, all at this
Within the spirit of application and principle, any modification, equivalent substitution and improvement etc. done, should be included in
Within the scope of the application protection.
Claims (26)
1. a safety certifying method for API Calls, runs on server end, it is characterised in that the party
Method includes step:
When, after the API request receiving client, if described API request carries token, then verifying
Token in described API request is the most effective;If described API request does not carries token or described
Token in API request is invalid token, then the authentication information in described API request is submitted to user
Center carries out authentication;After described customer center authentication is passed through, send out calculating the token obtained
Give described client;According to the token that token in described API request and described calculating obtain in advance
The random number of the encryption that the parameter of agreement is obtained by non-reversible algorithm.
Method the most according to claim 1, it is characterised in that verify the order in described API request
The most effective process of board includes:
The parameter made an appointment described in index information acquisition according to the token in described API request, according to
The described parameter made an appointment calculates current token by non-reversible algorithm, it is judged that current token is with described
Token in API request is the most identical, if identical, the token in the most described API request is effective, as
Fruit differs, the token valid in the most described API request.
Method the most according to claim 2, it is characterised in that the token in described API request
Index information is identity, described identity include the IP address of described client, MAC Address,
Any one information in client identification, Customs Assigned Number, user account;Described method also includes:
After described customer center is by the authentication of described client, receives described customer center and return
Identity;
When the described token calculating acquisition is sent to described client, described identity is issued described
Client;
When the token verified in described API request is the most effective, obtain described from described API request
Identity, searches the parameter made an appointment corresponding with described identity according to described identity.
Method the most according to claim 1, it is characterised in that:
The parameter made an appointment includes that at least one identity, described identity include described client
IP address, MAC Address, client identification, Customs Assigned Number, any one letter in user account
Breath.
Method the most according to claim 4, it is characterised in that: the parameter made an appointment also includes adding
Close key, described encryption key is random number.
Method the most according to claim 4, it is characterised in that the parameter made an appointment also includes
Effect phase certificate parameter, described method further comprises the steps of:
When described client sends the described token calculating and obtaining, described validity verification parameter is sent
To client;
Verify the most effective step of the token in described API request to include:
Judge that the token in described API request is the most expired according to described validity verification parameter, if
Expired, the token in the most described API request lost efficacy;If not out of date, then make an appointment described in basis
Parameter calculates current token, it is judged that current token is the most identical with the token in described API request, if
Identical, the token in the most described API request is effective, if it is not the same, the order in the most described API request
Board is invalid.
7. a safety certifying method for API Calls, runs on client, it is characterised in that the method
Including step:
When receiving the token of server, described token is stored;Make an appointment according to described token
The random number of encryption that obtained by non-reversible algorithm of parameter;
When constructing API request, described token and authentication information are carried in described API request;
Described API request is sent to server.
Method the most according to claim 7, it is characterised in that described method further comprises the steps of:
When receiving the index information of the token that server is sent, the index information of described token is deposited
Storage;
When constructing described API request, described index information is carried in described API request.
Method the most according to claim 8, it is characterised in that the index information of described token is body
Part mark, described identity include the IP address of described client, MAC Address, client identification,
Any one information in Customs Assigned Number, user account.
Method the most according to claim 7, it is characterised in that the parameter made an appointment include to
Few a kind of identity, described identity includes the IP address of described client, MAC Address, client
Any one information in end mark, Customs Assigned Number, user account;Described method further comprises the steps of:
Collect described identity, and when constructing API request, described identity is carried described
In API request.
The safety certification device of 11. 1 kinds of API Calls, is positioned at server end, it is characterised in that bag
Include:
First communication module, for receiving the API request of client;
Processing module, in time carrying token in described API request, verifies in described API request
Token the most effective;The token not carried in described API request in token or described API request is
During invalid token, the authentication information in described API request is submitted to customer center and carries out authentication;
After described customer center authentication is passed through, it is sent to second communication module by calculating the token obtained;
The parameter made an appointment according to the token that token in described API request and described calculating obtain is not by
The random number of the encryption that reversible algorithm obtains;
Described second communication module, for sending the described token calculating and obtaining to described client.
12. devices according to claim 11, it is characterised in that the verification of described processing module is described
Token in API request the most effectively includes:
The parameter made an appointment described in index information acquisition according to the token in described API request, according to
The described parameter made an appointment calculates current token by non-reversible algorithm, it is judged that current token is with described
Token in API request is the most identical, if identical, the token in the most described API request is effective, as
Fruit differs, the token valid in the most described API request.
13. devices according to claim 12, it is characterised in that the token in described API request
Index information be identity, described identity include the IP address of described client, MAC ground
Any one information in location, client identification, Customs Assigned Number, user account;Described communication module is also
After at described customer center by the authentication of described client, receive described customer center and return
Identity;And when the described token calculating acquisition is sent to described client, by described identity
Mark issues described client;
Described processing module is additionally operable to when the token verified in described API request is the most effective, from described
API request obtains described identity, searches corresponding with described identity according to described identity
The parameter made an appointment.
14. devices according to claim 11, it is characterised in that:
The parameter made an appointment includes that at least one identity, described identity include described client
IP address, MAC Address, client identification, Customs Assigned Number, any one letter in user account
Breath.
15. devices according to claim 14, it is characterised in that: the parameter made an appointment also includes
Encryption key, described encryption key is random number.
16. devices according to claim 14, it is characterised in that the parameter made an appointment also includes
Validity verification parameter, described communication module is additionally operable to when described client sends described token, by institute
State validity verification parameter to send to client;
The token that described processing module verifies in described API request the most effectively includes:
Judge that the token in described API request is the most expired according to described validity verification parameter, if
Expired, the token in the most described API request lost efficacy;If not out of date, then make an appointment described in basis
Parameter calculates current token, it is judged that current token is the most identical with the token in described API request, if
Identical, the token in the most described API request is effective, if it is not the same, the order in the most described API request
Board is invalid.
The safety certification device of 17. 1 kinds of API Calls, runs on client, it is characterised in that bag
Include:
Memory module, for when receiving the token of server, stores described token;Described token
According to the random number of encryption that obtained by non-reversible algorithm of the parameter made an appointment;
Message constructing module, for when constructing API request, carrying described token and authentication information
Described API request;
Communication module, for receiving the described token of server, and issues described memory module, and will
Described API request is sent to server.
18. devices according to claim 17, it is characterised in that described communication module is additionally operable to connect
Receive the index information of the token that described server sends, and issue the storage of described memory module;
Message constructing module is additionally operable to, when constructing described API request, carry described index information in institute
State in API request.
19. devices according to claim 18, it is characterised in that the index information of described token is
Identity, described identity includes the IP address of described client, MAC Address, client mark
Any one information in knowledge, Customs Assigned Number, user account.
20. devices according to claim 17, it is characterised in that the parameter made an appointment include to
Few a kind of identity, described identity includes the IP address of described client, MAC Address, client
Any one information in end mark, Customs Assigned Number, user account;Described message constructing module is additionally operable to
Collect described identity, and when constructing API request, described identity is carried at described API
In request.
The security certification system of 21. 1 kinds of API Calls, including server, customer center, its feature exists
In,
Described server, for when after the API request receiving client, if taken in described API request
With token, then verify the token in described API request the most effective;If in described API request not
Carrying the token in token or described API request is invalid token, then by the authentication in described API request
Information is submitted to customer center and is carried out authentication;After described customer center authentication is passed through, will meter
Calculate the token obtained and be sent to described client;Token in described API request and described calculating obtain
The random number of the encryption that the parameter made an appointment according to token is obtained by non-reversible algorithm;
Described customer center, enters described client for the described authentication information sent according to described server
Row authentication, and the result of authentication is notified described server.
22. systems according to claim 21, it is characterised in that the verification of described server is described
Token in API request the most effectively includes:
The parameter made an appointment described in index information acquisition according to the token in described API request, according to
The described parameter made an appointment calculates current token by non-reversible algorithm, it is judged that current token is with described
Token in API request is the most identical, if identical, the token in the most described API request is effective, as
Fruit differs, the token valid in the most described API request.
23. systems according to claim 22, it is characterised in that the token in described API request
Index information be identity, described identity include the IP address of described client, MAC ground
Any one information in location, client identification, Customs Assigned Number, user account;
Described customer center is additionally operable to after the authentication by described client, by described client
Identity returns to described server;
When described server is additionally operable to that the described token calculating acquisition is sent to described client, by described
Described client is issued in identity;When the token verified in described API request is the most effective, from institute
State and API request obtains described identity, search and described identity pair according to described identity
The parameter made an appointment answered.
24. systems according to claim 21, it is characterised in that:
The parameter made an appointment includes that at least one identity, described identity include described client
IP address, MAC Address, client identification, Customs Assigned Number, any one letter in user account
Breath.
25. systems according to claim 24, it is characterised in that: the parameter made an appointment also includes
Encryption key, described encryption key is random number.
26. systems according to claim 24, it is characterised in that the parameter made an appointment also includes
Validity verification parameter, described server is additionally operable to:
When described client sends the described token calculating and obtaining, described validity verification parameter is sent
To client;
The token that described server verifies in described API request the most effectively includes:
Judge that the token in described API request is the most expired according to described validity verification parameter, if
Expired, the token in the most described API request lost efficacy;If not out of date, then make an appointment described in basis
Parameter calculates current token, it is judged that current token is the most identical with the token in described API request, if
Identical, the token in the most described API request is effective, if it is not the same, the order in the most described API request
Board is invalid.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510280745.2A CN106302346A (en) | 2015-05-27 | 2015-05-27 | The safety certifying method of API Calls, device, system |
| PCT/CN2016/080307 WO2016188290A1 (en) | 2015-05-27 | 2016-04-27 | Safety authentication method, device and system for api calling |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510280745.2A CN106302346A (en) | 2015-05-27 | 2015-05-27 | The safety certifying method of API Calls, device, system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106302346A true CN106302346A (en) | 2017-01-04 |
Family
ID=57392441
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510280745.2A Pending CN106302346A (en) | 2015-05-27 | 2015-05-27 | The safety certifying method of API Calls, device, system |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN106302346A (en) |
| WO (1) | WO2016188290A1 (en) |
Cited By (33)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107196950A (en) * | 2017-06-12 | 2017-09-22 | 武汉斗鱼网络科技有限公司 | Method of calibration, device and service end |
| CN107493286A (en) * | 2017-08-23 | 2017-12-19 | 杭州安恒信息技术有限公司 | A kind of RPC remote procedure calling (PRC) methods based on secure authentication |
| CN107911381A (en) * | 2017-12-01 | 2018-04-13 | 济南浪潮高新科技投资发展有限公司 | Access method, system, server-side and the client of application programming interface |
| CN107911344A (en) * | 2017-10-28 | 2018-04-13 | 杭州安恒信息技术有限公司 | A kind of safe docking calculation of cloud platform |
| CN108259502A (en) * | 2018-01-29 | 2018-07-06 | 平安普惠企业管理有限公司 | For obtaining the identification method of interface access rights, server-side and storage medium |
| CN108322416A (en) * | 2017-01-16 | 2018-07-24 | 腾讯科技(深圳)有限公司 | A kind of safety certification implementation method, apparatus and system |
| CN108462581A (en) * | 2018-01-08 | 2018-08-28 | 平安科技(深圳)有限公司 | Method, apparatus, terminal device and the storage medium that network token generates |
| CN108512845A (en) * | 2018-03-30 | 2018-09-07 | 广州视源电子科技股份有限公司 | The method of calibration and device that interface calls |
| CN108809988A (en) * | 2018-06-14 | 2018-11-13 | 北京中电普华信息技术有限公司 | A kind of authentication method and system of request |
| CN108830099A (en) * | 2018-05-04 | 2018-11-16 | 平安科技(深圳)有限公司 | Call verification method, device, computer equipment and the storage medium of api interface |
| CN108989283A (en) * | 2018-05-31 | 2018-12-11 | 努比亚技术有限公司 | A kind of request of data, control method, server, client terminal and storage medium |
| CN109189590A (en) * | 2018-08-16 | 2019-01-11 | 黄疆 | Memory management method and device based on RESTful service |
| CN109246092A (en) * | 2018-08-22 | 2019-01-18 | 北京旷视科技有限公司 | Interface managerial method, device, system, computer readable storage medium |
| CN109302425A (en) * | 2018-11-28 | 2019-02-01 | 河北省科学院应用数学研究所 | Identity identifying method and terminal device |
| CN109309667A (en) * | 2018-08-28 | 2019-02-05 | 东软集团股份有限公司 | The authentication method and device, storage medium and electronic equipment that interface calls |
| CN109391689A (en) * | 2018-10-08 | 2019-02-26 | 郑州云海信息技术有限公司 | A kind of method and device that micro services application programming interface is called |
| WO2019047064A1 (en) * | 2017-09-06 | 2019-03-14 | 深圳峰创智诚科技有限公司 | Permission control method, and server end |
| CN109587251A (en) * | 2018-12-07 | 2019-04-05 | 用友网络科技股份有限公司 | Session access method and server |
| CN110191112A (en) * | 2019-05-22 | 2019-08-30 | 北京百度网讯科技有限公司 | Auth method, device, mobile unit and server |
| CN110247905A (en) * | 2019-06-05 | 2019-09-17 | 黄疆 | The data backup memory method and system of secure authentication mode based on Token |
| CN110611564A (en) * | 2019-07-30 | 2019-12-24 | 云南昆钢电子信息科技有限公司 | System and method for defending API replay attack based on timestamp |
| CN111030812A (en) * | 2019-12-16 | 2020-04-17 | Oppo广东移动通信有限公司 | Token verification method, device, storage medium and server |
| CN111143816A (en) * | 2018-11-05 | 2020-05-12 | 纬创资通股份有限公司 | Verification and authorization method and verification server |
| CN111147525A (en) * | 2020-02-27 | 2020-05-12 | 深圳市伊欧乐科技有限公司 | Authentication method, system, server and storage medium based on API gateway |
| CN111698312A (en) * | 2020-06-08 | 2020-09-22 | 中国建设银行股份有限公司 | Service processing method, device, equipment and storage medium based on open platform |
| CN112579996A (en) * | 2019-09-29 | 2021-03-30 | 杭州海康威视数字技术股份有限公司 | Temporary authorization method and device |
| CN112804269A (en) * | 2021-04-14 | 2021-05-14 | 中建电子商务有限责任公司 | Method for realizing website interface anti-crawler |
| CN113781255A (en) * | 2021-08-06 | 2021-12-10 | 广西电网有限责任公司 | Block chain-based safe data storage method and system for electric power transaction system |
| CN113946811A (en) * | 2021-10-20 | 2022-01-18 | 工银科技有限公司 | Authentication method and device |
| CN114969684A (en) * | 2022-07-29 | 2022-08-30 | 江苏羽驰区块链科技研究院有限公司 | Document printing and tracing method based on block chain and print-scanning watermark resistance |
| CN115242469A (en) * | 2022-07-07 | 2022-10-25 | 安天科技集团股份有限公司 | Secure access API, secure communication method, electronic device and storage medium |
| CN115296877A (en) * | 2022-07-25 | 2022-11-04 | 紫光云技术有限公司 | Method for invalidation and renewal of JWT storage token |
| CN115242469B (en) * | 2022-07-07 | 2024-05-24 | 安天科技集团股份有限公司 | Secure access API, secure communication method, electronic device, and storage medium |
Families Citing this family (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108259437B (en) * | 2016-12-29 | 2021-06-04 | 北京神州泰岳软件股份有限公司 | HTTP access method, HTTP server and system |
| CN109495426B (en) * | 2017-09-12 | 2021-08-17 | 腾讯科技(深圳)有限公司 | Data access method and device and electronic equipment |
| CN110287265B (en) * | 2019-06-28 | 2023-10-10 | 深圳市元征科技股份有限公司 | Login request processing method and device, server and readable storage medium |
| CN110958119A (en) * | 2019-10-25 | 2020-04-03 | 泰康保险集团股份有限公司 | Identity verification method and device |
| CN111080253B (en) * | 2019-12-11 | 2023-03-03 | 深圳供电局有限公司 | Random sun type power transmission line field operation method and system |
| CN111416846B (en) * | 2020-03-12 | 2022-12-30 | 苏州浪潮智能科技有限公司 | Communication method, system, server and storage medium |
| CN113761503B (en) * | 2020-09-14 | 2024-05-17 | 北京沃东天骏信息技术有限公司 | Interface call processing method and device |
| CN112437079B (en) * | 2020-11-20 | 2023-04-07 | 中国人寿保险股份有限公司 | Intranet access method and device |
| CN113485824A (en) * | 2021-04-24 | 2021-10-08 | 中电长城网际系统应用广东有限公司 | API (application programming interface) interface management method of integrated operation and maintenance platform |
| CN114117401B (en) * | 2022-01-22 | 2022-05-27 | 深圳竹云科技股份有限公司 | API (application program interface) secure calling method, device, equipment and computer storage medium |
| CN114760133B (en) * | 2022-04-15 | 2023-10-03 | 中国电信股份有限公司 | RESTful interface authentication method, device, system, equipment and medium |
| CN115134113B (en) * | 2022-05-13 | 2024-04-09 | 山东鲁软数字科技有限公司 | Platform data security authentication method, system, terminal and storage medium |
| CN114928487A (en) * | 2022-05-18 | 2022-08-19 | 山东浪潮智慧医疗科技有限公司 | Method for solving failure of micro-signaling board in high-concurrency scene |
| CN114826778B (en) * | 2022-06-21 | 2022-09-27 | 杭州安恒信息技术股份有限公司 | Authentication method, device, equipment and medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101534196A (en) * | 2008-03-12 | 2009-09-16 | 因特伟特公司 | Method and apparatus for securely invoking a rest api |
| CN103188344A (en) * | 2013-02-22 | 2013-07-03 | 浪潮电子信息产业股份有限公司 | Method for safely invoking REST API (representational state transfer, application programming interface) |
| CN103699824A (en) * | 2014-01-13 | 2014-04-02 | 浪潮(北京)电子信息产业有限公司 | Method, system and client for calling REST (Representational State Transfer) API (Application Program Interface) |
| CN104079407A (en) * | 2013-03-29 | 2014-10-01 | 北京千橡网景科技发展有限公司 | Token generation and verification method and device |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101217367B (en) * | 2007-01-04 | 2010-12-29 | 中国移动通信集团公司 | An operation right judgment system and method realized by introducing right judgment client end |
| US9405896B2 (en) * | 2011-04-12 | 2016-08-02 | Salesforce.Com, Inc. | Inter-application management of user credential data |
-
2015
- 2015-05-27 CN CN201510280745.2A patent/CN106302346A/en active Pending
-
2016
- 2016-04-27 WO PCT/CN2016/080307 patent/WO2016188290A1/en active Application Filing
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101534196A (en) * | 2008-03-12 | 2009-09-16 | 因特伟特公司 | Method and apparatus for securely invoking a rest api |
| CN103188344A (en) * | 2013-02-22 | 2013-07-03 | 浪潮电子信息产业股份有限公司 | Method for safely invoking REST API (representational state transfer, application programming interface) |
| CN104079407A (en) * | 2013-03-29 | 2014-10-01 | 北京千橡网景科技发展有限公司 | Token generation and verification method and device |
| CN103699824A (en) * | 2014-01-13 | 2014-04-02 | 浪潮(北京)电子信息产业有限公司 | Method, system and client for calling REST (Representational State Transfer) API (Application Program Interface) |
Cited By (42)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108322416B (en) * | 2017-01-16 | 2022-04-15 | 腾讯科技(深圳)有限公司 | Security authentication implementation method, device and system |
| CN108322416A (en) * | 2017-01-16 | 2018-07-24 | 腾讯科技(深圳)有限公司 | A kind of safety certification implementation method, apparatus and system |
| CN107196950A (en) * | 2017-06-12 | 2017-09-22 | 武汉斗鱼网络科技有限公司 | Method of calibration, device and service end |
| WO2018228036A1 (en) * | 2017-06-12 | 2018-12-20 | 武汉斗鱼网络科技有限公司 | Verification method and device, server, and readable storage medium |
| CN107493286A (en) * | 2017-08-23 | 2017-12-19 | 杭州安恒信息技术有限公司 | A kind of RPC remote procedure calling (PRC) methods based on secure authentication |
| WO2019047064A1 (en) * | 2017-09-06 | 2019-03-14 | 深圳峰创智诚科技有限公司 | Permission control method, and server end |
| CN107911344A (en) * | 2017-10-28 | 2018-04-13 | 杭州安恒信息技术有限公司 | A kind of safe docking calculation of cloud platform |
| CN107911381A (en) * | 2017-12-01 | 2018-04-13 | 济南浪潮高新科技投资发展有限公司 | Access method, system, server-side and the client of application programming interface |
| CN108462581A (en) * | 2018-01-08 | 2018-08-28 | 平安科技(深圳)有限公司 | Method, apparatus, terminal device and the storage medium that network token generates |
| CN108259502B (en) * | 2018-01-29 | 2020-12-04 | 平安普惠企业管理有限公司 | Authentication method for obtaining interface access authority, server and storage medium |
| CN108259502A (en) * | 2018-01-29 | 2018-07-06 | 平安普惠企业管理有限公司 | For obtaining the identification method of interface access rights, server-side and storage medium |
| CN108512845A (en) * | 2018-03-30 | 2018-09-07 | 广州视源电子科技股份有限公司 | The method of calibration and device that interface calls |
| CN108830099A (en) * | 2018-05-04 | 2018-11-16 | 平安科技(深圳)有限公司 | Call verification method, device, computer equipment and the storage medium of api interface |
| CN108989283A (en) * | 2018-05-31 | 2018-12-11 | 努比亚技术有限公司 | A kind of request of data, control method, server, client terminal and storage medium |
| CN108809988A (en) * | 2018-06-14 | 2018-11-13 | 北京中电普华信息技术有限公司 | A kind of authentication method and system of request |
| CN109189590A (en) * | 2018-08-16 | 2019-01-11 | 黄疆 | Memory management method and device based on RESTful service |
| CN109246092B (en) * | 2018-08-22 | 2021-08-10 | 北京旷视科技有限公司 | Interface management method, device, system and computer readable storage medium |
| CN109246092A (en) * | 2018-08-22 | 2019-01-18 | 北京旷视科技有限公司 | Interface managerial method, device, system, computer readable storage medium |
| CN109309667A (en) * | 2018-08-28 | 2019-02-05 | 东软集团股份有限公司 | The authentication method and device, storage medium and electronic equipment that interface calls |
| CN109391689A (en) * | 2018-10-08 | 2019-02-26 | 郑州云海信息技术有限公司 | A kind of method and device that micro services application programming interface is called |
| CN111143816A (en) * | 2018-11-05 | 2020-05-12 | 纬创资通股份有限公司 | Verification and authorization method and verification server |
| CN111143816B (en) * | 2018-11-05 | 2023-02-28 | 纬创资通股份有限公司 | Verification and authorization method and verification server |
| CN109302425A (en) * | 2018-11-28 | 2019-02-01 | 河北省科学院应用数学研究所 | Identity identifying method and terminal device |
| CN109302425B (en) * | 2018-11-28 | 2021-02-26 | 河北省科学院应用数学研究所 | Identity authentication method and terminal equipment |
| CN109587251A (en) * | 2018-12-07 | 2019-04-05 | 用友网络科技股份有限公司 | Session access method and server |
| CN110191112A (en) * | 2019-05-22 | 2019-08-30 | 北京百度网讯科技有限公司 | Auth method, device, mobile unit and server |
| CN110191112B (en) * | 2019-05-22 | 2022-03-11 | 阿波罗智联(北京)科技有限公司 | Identity verification method and device, vehicle-mounted equipment and server |
| CN110247905A (en) * | 2019-06-05 | 2019-09-17 | 黄疆 | The data backup memory method and system of secure authentication mode based on Token |
| CN110611564A (en) * | 2019-07-30 | 2019-12-24 | 云南昆钢电子信息科技有限公司 | System and method for defending API replay attack based on timestamp |
| CN112579996A (en) * | 2019-09-29 | 2021-03-30 | 杭州海康威视数字技术股份有限公司 | Temporary authorization method and device |
| CN112579996B (en) * | 2019-09-29 | 2023-11-03 | 杭州海康威视数字技术股份有限公司 | Temporary authorization method and device |
| CN111030812A (en) * | 2019-12-16 | 2020-04-17 | Oppo广东移动通信有限公司 | Token verification method, device, storage medium and server |
| CN111147525A (en) * | 2020-02-27 | 2020-05-12 | 深圳市伊欧乐科技有限公司 | Authentication method, system, server and storage medium based on API gateway |
| CN111698312A (en) * | 2020-06-08 | 2020-09-22 | 中国建设银行股份有限公司 | Service processing method, device, equipment and storage medium based on open platform |
| CN111698312B (en) * | 2020-06-08 | 2022-10-21 | 中国建设银行股份有限公司 | Service processing method, device, equipment and storage medium based on open platform |
| CN112804269A (en) * | 2021-04-14 | 2021-05-14 | 中建电子商务有限责任公司 | Method for realizing website interface anti-crawler |
| CN113781255A (en) * | 2021-08-06 | 2021-12-10 | 广西电网有限责任公司 | Block chain-based safe data storage method and system for electric power transaction system |
| CN113946811A (en) * | 2021-10-20 | 2022-01-18 | 工银科技有限公司 | Authentication method and device |
| CN115242469A (en) * | 2022-07-07 | 2022-10-25 | 安天科技集团股份有限公司 | Secure access API, secure communication method, electronic device and storage medium |
| CN115242469B (en) * | 2022-07-07 | 2024-05-24 | 安天科技集团股份有限公司 | Secure access API, secure communication method, electronic device, and storage medium |
| CN115296877A (en) * | 2022-07-25 | 2022-11-04 | 紫光云技术有限公司 | Method for invalidation and renewal of JWT storage token |
| CN114969684A (en) * | 2022-07-29 | 2022-08-30 | 江苏羽驰区块链科技研究院有限公司 | Document printing and tracing method based on block chain and print-scanning watermark resistance |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2016188290A1 (en) | 2016-12-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106302346A (en) | The safety certifying method of API Calls, device, system | |
| US10880306B2 (en) | Verification information update | |
| CN105007280B (en) | A kind of application login method and device | |
| US9298890B2 (en) | Preventing unauthorized account access using compromised login credentials | |
| CN109802941A (en) | A kind of login validation method, device, storage medium and server | |
| US8590014B1 (en) | Network application security utilizing network-provided identities | |
| CN104184713B (en) | Terminal identification method, machine identifier register method and corresponding system, equipment | |
| Unger et al. | Shpf: Enhancing http (s) session security with browser fingerprinting | |
| CN110069941A (en) | A kind of interface access authentication method, apparatus and computer-readable medium | |
| CN109743163A (en) | Purview certification method, apparatus and system in micro services framework | |
| CN108416589A (en) | Connection method, system and the computer readable storage medium of block chain node | |
| US11978053B2 (en) | Systems and methods for estimating authenticity of local network of device initiating remote transaction | |
| CN105119722B (en) | A kind of auth method, equipment and system | |
| USRE47533E1 (en) | Method and system of securing accounts | |
| CN108259425A (en) | The determining method, apparatus and server of query-attack | |
| JP2013211020A (en) | Method and apparatus for preventing phishing attacks | |
| US20160241536A1 (en) | System and methods for user authentication across multiple domains | |
| CN106878250B (en) | Cross-application single-state login method and device | |
| Ferry et al. | Security evaluation of the OAuth 2.0 framework | |
| CN104734849A (en) | Method and system for conducting authentication on third-party application | |
| CN109861968A (en) | Resource access control method, device, computer equipment and storage medium | |
| CN106663268A (en) | Platform identity architecture with a temporary pseudonymous identity | |
| CN110113366A (en) | A kind of detection method and device of CSRF loophole | |
| CN103634111B (en) | Single-point logging method and system and single sign-on client-side | |
| CN106027574A (en) | Identity authentication method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170104 |